This is the first CCIE practice lab of seven in the book "CCIE Security Practice Labs (CCIE Self-Study)." It is multi-protocol and multi-technology, testing you in areas such as Routing, Switching, Security, and VPN, as outlined in the CCIE Security blueprint.

This chapter is from the book

All labs in this book are multi-protocol, multi-technology, testing you in
areas such as Routing, Switching, Security, and VPN, as outlined in the CCIE
Security blueprint. When you first read the questions in the lab, you might find
them fairly easy, but they are carefully written to present high complexity and
many hidden problems. Such is the case in the real CCIE lab exam.

To assist you, solutions are provided for the entire lab, including
configurations and common show command outputs from all the devices in
the topology. Furthermore, a "Verification, Hints, and Troubleshooting
Tips" section is provided, which gives you tips and hints to troubleshoot
and identify the hidden problem or trick in the question.

This is the first lab of seven in this book. Each lab is 8 hours and weighs
100 marks, passing of which is 80 marks. The objective is to complete the lab
within 8 hours and obtain a minimum of 80 marks to pass. This test has been
written such that you should be able to complete all questions, including
initial configuration (such as IP addressing), within 8 hours; this excludes
cabling time. Allow up to 1 hour for cabling, use the cabling instructions, and
observe the instructions in the general guidelines. You can use any combination
of routers as long as you fulfill the topology diagram in Figure 1-1. It is not
compulsory to use the same model of routers.

NOTE

Cabling and IP addressing are already completed on the real CCIE Lab. You are
not required to do any cabling or the IP addressing.

Equipment List

6 routers with the following specifications (all routers are to be loaded
with the latest Cisco IOS version in 12.1(T) train):

R1  4 serial, 1 BRI (with IP Plus image)

R2  2 serial, 1 Ethernet (with IP Plus + Firewall image)

R3  2 serial, 1 Ethernet, 1 BRI (with IP Plus + IPSec 56 image)

R4  1 serial, 1 Ethernet (with IP Plus + Firewall + IPSec 56 image)

R5  1 serial, 1 Ethernet (with IP Plus image)

R6  5 serial, 3 Ethernet (with IP Plus + IPSec 56 image)

1 switch 3550

1 PIX  2 interfaces (with version 6.x)

1 PC with Windows 2000 Server with CiscoSecure ACS 3.x+

The IDS device in the topology is not required; it is there to give you
an idea to configure other aspects of this lab. Subsequent chapters do require a
Network IDS appliance.